duplicazione di tutti i processi!!!

pikkolino · 02-07-2004, 14:07

riporto intanto il file di hijackthis

Logfile of HijackThis v1.98.0
Scan saved at 14:51:48, on 2004-7-2
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\TEMP\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\TEMP\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\spoolsv.exe
C:\WINDOWS\system32\netcom.exe
C:\WINDOWS\TEMP\netcom.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\TEMP\srvany.exe
C:\WINDOWS\TEMP\resetservice.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\rundll32.exe
C:\DOCUME~1\alessia1\LOCALS~1\Temp\rundll32.exe
C:\DOCUME~1\alessia1\LOCALS~1\Temp\atiptaxx.exe
C:\WINDOWS\System32\devldr32.exe
C:\DOCUME~1\alessia1\LOCALS~1\Temp\devldr32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\DOCUME~1\alessia1\LOCALS~1\Temp\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\DOCUME~1\alessia1\LOCALS~1\Temp\evntsvc.exe
C:\WINDOWS\System32\desktop.exe
C:\DOCUME~1\alessia1\LOCALS~1\Temp\desktop.exe
C:\WINDOWS\System32\ctfmon.exe
C:\DOCUME~1\alessia1\LOCALS~1\Temp\ctfmon.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\System32\taskmgr.exe
C:\DOCUME~1\alessia1\LOCALS~1\Temp\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\alessia1\LOCALS~1\Temp\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Downloads\HijackThis.exe
C:\DOCUME~1\alessia1\LOCALS~1\Temp\HijackThis.exe

R3 - URLSearchHook: ÉÏÍøÖúÊÖ - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\assist\assist.dll
O2 - BHO: ÉÏÍøÖúÊÖ - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\assist\assist.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus Professional\NavShExt.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - Toolbar: µçÌ¨(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus Professional\NavShExt.dll
O3 - Toolbar: ÉÏÍøÖúÊÖ - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\assist\assist.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] rem C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\RunServices: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKLM\..\RunServices: [Microsoft Update] winsys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: Ê¹ÓÃÍø¼Ê¿ì³µÏÂÔØ - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ê¹ÓÃÍø¼Ê¿ì³µÏÂÔØÈ«²¿Á´½Ó - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: µ¼³öµ½ Microsoft Excel(&x) - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: ÊÖ»ú¶ÌÐÅ - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Çé¾°ÁÄÌì - {0F7DE07D-BD74-4991-9D5F-ECBB8391875D} - http://cn.rd.yahoo.com/home/messenge...ger.yahoo.com/ (file missing)
O9 - Extra button: ÉÏÍøÖúÊÖ - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: ÍøÖ·´óÈ« - {C18CB140-0BBB-11D4-8FE8-0088CC102438} - http://www.k369.com/mp3wz.htm (file missing)
O9 - Extra 'Tools' menuitem: ÍøÖ·´óÈ« - {C18CB140-0BBB-11D4-8FE8-0088CC102438} - http://www.k369.com/mp3wz.htm (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq\QQ.exe
O9 - Extra 'Tools' menuitem: ÌÚÑ¶QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq\QQ.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: ÐÞ¸´ä¯ÀÀÆ÷ - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: ÇåÀíÉÏÍø¼ÇÂ¼ - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra button: Alice - {E8BEE8F1-8E8E-458B-A9B8-8DC6908E817C} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O11 - Options group: [!CNS] ÍøÂçÊµÃû
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home

pikkolino · 02-07-2004, 14:08

inoltre ci sono varie icone bianche quali notepad, notron e altri programmi

il hdd e' sempre al lavoro che nn si sa cosa fa...
pero' una volta terminato il processo ndetect sembra calmarsi un po'...

c'e' quella cartella temp molto sospetta...pero' nn so cosa devo fare!!!

aiuto!!!

pikkolino · 02-07-2004, 14:17

Bilancino · 02-07-2004, 14:40

Condoglianze amico.........il tuo pc è una fogna

Comunque vedo una alessia1....chi è?

Ciao

pikkolino · 02-07-2004, 14:57

Quote:

Originariamente inviato da Bilancino
Condoglianze amico.........il tuo pc è una fogna

Comunque vedo una alessia1....chi è?

Ciao

e' una fogna in che senso???

pikkolino · 02-07-2004, 15:19

ho inoltre notato una cosa strana...ogni volta che eseguo qlc si copia nella cartella documents and settings\nome\locals~1\temp....cosa puo' essere?!!??!?!??!

aiuto!!!!

MrOZ · 02-07-2004, 18:00

Ciao prova con l'ultima procedura di questo 3d http://forum.hwupgrade.it/showthread...&pagenumber=3. poi prova con adaware6 e spybot 1.3 aggiornati.

poi xò mi fai conoscere alessia1

Pezzulu · 02-07-2004, 18:19

Quote:

Originariamente inviato da MrOZ

poi xò mi fai conoscere alessia1

L'avrei chiesto io

ps:non mi hai risposto al pvt....fa niente mi sa che ho risolto da solo

MrOZ · 02-07-2004, 20:09

Quote:

Originariamente inviato da Pezzulu

ps:non mi hai risposto al pvt....fa niente mi sa che ho risolto da solo

[OT] scusami ma non ho proprio avuto tempo questa settimana... l'avrei fatto nel weekend... se ti interessa ancora dimmelo.

Ciao [/OT]

02-07-2004, 14:07	#1
pikkolino Member Iscritto dal: Feb 2002 Messaggi: 88	duplicazione di tutti i processi!!! riporto intanto il file di hijackthis Logfile of HijackThis v1.98.0 Scan saved at 14:51:48, on 2004-7-2 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\TEMP\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\TEMP\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\TEMP\spoolsv.exe C:\WINDOWS\system32\netcom.exe C:\WINDOWS\TEMP\netcom.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\srvany.exe C:\WINDOWS\TEMP\srvany.exe C:\WINDOWS\TEMP\resetservice.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\System32\rundll32.exe C:\DOCUME~1\alessia1\LOCALS~1\Temp\rundll32.exe C:\DOCUME~1\alessia1\LOCALS~1\Temp\atiptaxx.exe C:\WINDOWS\System32\devldr32.exe C:\DOCUME~1\alessia1\LOCALS~1\Temp\devldr32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\DOCUME~1\alessia1\LOCALS~1\Temp\ccApp.exe C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe C:\DOCUME~1\alessia1\LOCALS~1\Temp\evntsvc.exe C:\WINDOWS\System32\desktop.exe C:\DOCUME~1\alessia1\LOCALS~1\Temp\desktop.exe C:\WINDOWS\System32\ctfmon.exe C:\DOCUME~1\alessia1\LOCALS~1\Temp\ctfmon.exe C:\WINDOWS\regedit.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe C:\WINDOWS\System32\taskmgr.exe C:\DOCUME~1\alessia1\LOCALS~1\Temp\taskmgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\DOCUME~1\alessia1\LOCALS~1\Temp\iexplore.exe C:\Program Files\Messenger\msmsgs.exe C:\Downloads\HijackThis.exe C:\DOCUME~1\alessia1\LOCALS~1\Temp\HijackThis.exe R3 - URLSearchHook: ÉÏÍøÖúÊÖ - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\assist\assist.dll O2 - BHO: ÉÏÍøÖúÊÖ - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\assist\assist.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus Professional\NavShExt.dll O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll O3 - Toolbar: µçÌ¨(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus Professional\NavShExt.dll O3 - Toolbar: ÉÏÍøÖúÊÖ - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\assist\assist.dll O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [NeroCheck] rem C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\RunServices: [MS Sound Config 16bit] sndcfg16.exe O4 - HKLM\..\RunServices: [Microsoft Update] winsys.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O8 - Extra context menu item: Ê¹ÓÃÍø¼Ê¿ì³µÏÂÔØ - D:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Ê¹ÓÃÍø¼Ê¿ì³µÏÂÔØÈ«²¿Á´½Ó - D:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: µ¼³öµ½ Microsoft Excel(&x) - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: ÊÖ»ú¶ÌÐÅ - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing) O9 - Extra button: Çé¾°ÁÄÌì - {0F7DE07D-BD74-4991-9D5F-ECBB8391875D} - http://cn.rd.yahoo.com/home/messenge...ger.yahoo.com/ (file missing) O9 - Extra button: ÉÏÍøÖúÊÖ - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing) O9 - Extra button: ÍøÖ·´óÈ« - {C18CB140-0BBB-11D4-8FE8-0088CC102438} - http://www.k369.com/mp3wz.htm (file missing) O9 - Extra 'Tools' menuitem: ÍøÖ·´óÈ« - {C18CB140-0BBB-11D4-8FE8-0088CC102438} - http://www.k369.com/mp3wz.htm (file missing) O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq\QQ.exe O9 - Extra 'Tools' menuitem: ÌÚÑ¶QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq\QQ.exe O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing) O9 - Extra 'Tools' menuitem: ÐÞ¸´ä¯ÀÀÆ÷ - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing) O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing) O9 - Extra 'Tools' menuitem: ÇåÀíÉÏÍø¼ÇÂ¼ - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing) O9 - Extra button: Alice - {E8BEE8F1-8E8E-458B-A9B8-8DC6908E817C} - http://gw.aliceadsl.it/alice (file missing) (HKCU) O11 - Options group: [!CNS] ÍøÂçÊµÃû O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home

02-07-2004, 14:40	#4
Bilancino Senior Member Iscritto dal: Jun 2001 Città: Lazio Messaggi: 5935	Condoglianze amico.........il tuo pc è una fogna Comunque vedo una alessia1....chi è? Ciao __________________ HP Gaming 16 I7 10750H, nVidia GTX1650TI 4Gbyte DDR6, 16Gbyte di Ram, SSD INTEL 500Gbyte, Amplificatore Denon PMA-510AE, Diffusori Q Acoustics 3020i

02-07-2004, 18:00	#7
MrOZ Senior Member Iscritto dal: Jun 2003 Città: "Mantua me genuit" Trattative concluse: 1 fracco!!! Devianze: MacTard iMac 27" i5 2,8Ghz 4GB IPHONE 5 32GB Black Iscritto dal: Nov 2002 Messaggi: 4426	Ciao prova con l'ultima procedura di questo 3d http://forum.hwupgrade.it/showthread...&pagenumber=3. poi prova con adaware6 e spybot 1.3 aggiornati. poi xò mi fai conoscere alessia1 Ultima modifica di MrOZ : 02-07-2004 alle 20:10.

02-07-2004, 14:08	#2
pikkolino Member Iscritto dal: Feb 2002 Messaggi: 88	inoltre ci sono varie icone bianche quali notepad, notron e altri programmi il hdd e' sempre al lavoro che nn si sa cosa fa... pero' una volta terminato il processo ndetect sembra calmarsi un po'... c'e' quella cartella temp molto sospetta...pero' nn so cosa devo fare!!! aiuto!!!

02-07-2004, 14:17	#3
pikkolino Member Iscritto dal: Feb 2002 Messaggi: 88

02-07-2004, 15:19	#6
pikkolino Member Iscritto dal: Feb 2002 Messaggi: 88	ho inoltre notato una cosa strana...ogni volta che eseguo qlc si copia nella cartella documents and settings\nome\locals~1\temp....cosa puo' essere?!!??!?!??! aiuto!!!!

Strumenti
Mostra una versione stampabile Invia questa pagina per email